Index: blimp/net/exact_match_cert_verifier.cc |
diff --git a/blimp/net/exact_match_cert_verifier.cc b/blimp/net/exact_match_cert_verifier.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..f2cd4bacb4711f51f6e5d9271a7ec1e45b6841bb |
--- /dev/null |
+++ b/blimp/net/exact_match_cert_verifier.cc |
@@ -0,0 +1,54 @@ |
+// Copyright 2016 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "blimp/net/exact_match_cert_verifier.h" |
+ |
+#include "base/callback.h" |
+#include "base/macros.h" |
+#include "base/memory/scoped_ptr.h" |
+#include "net/base/net_errors.h" |
+#include "net/cert/cert_verifier.h" |
+#include "net/cert/cert_verify_result.h" |
+#include "net/cert/x509_certificate.h" |
+ |
+namespace blimp { |
+ |
+ExactMatchCertVerifier::ExactMatchCertVerifier( |
+ scoped_refptr<net::X509Certificate> engine_cert) |
+ : engine_cert_(std::move(engine_cert)) {} |
+ |
+ExactMatchCertVerifier::~ExactMatchCertVerifier() {} |
+ |
+int ExactMatchCertVerifier::Verify(net::X509Certificate* cert, |
+ const std::string& hostname, |
+ const std::string& ocsp_response, |
+ int flags, |
+ net::CRLSet* crl_set, |
+ net::CertVerifyResult* verify_result, |
+ const net::CompletionCallback& callback, |
+ scoped_ptr<Request>* out_req, |
+ const net::BoundNetLog& net_log) { |
+ verify_result->Reset(); |
+ verify_result->verified_cert = cert; |
+ |
+ if (!cert->Equals(engine_cert_.get())) { |
Ryan Sleevi
2016/02/25 22:16:25
One thing worth noting: X509Certificate::Equals on
Kevin M
2016/02/26 00:30:04
Yep, that makes sense. Done.
|
+ verify_result->cert_status = net::CERT_STATUS_INVALID; |
+ return net::ERR_CERT_INVALID; |
+ } |
+ |
+ // Attach hashes of |cert| to VerifyResult. |
+ net::SHA1HashValue sha1_hash; |
+ sha1_hash = |
+ net::X509Certificate::CalculateFingerprint(cert->os_cert_handle()); |
+ verify_result->public_key_hashes.push_back(net::HashValue(sha1_hash)); |
+ |
+ net::SHA256HashValue sha256_hash; |
+ sha256_hash = |
+ net::X509Certificate::CalculateFingerprint256(cert->os_cert_handle()); |
+ verify_result->public_key_hashes.push_back(net::HashValue(sha256_hash)); |
Ryan Sleevi
2016/02/25 22:16:25
FWIW, since |cert->os_cert_handle()| will always b
Kevin M
2016/02/26 00:30:04
Done.
|
+ |
+ return net::OK; |
+} |
+ |
+} // namespace blimp |